1
24.7 Production Series / Re: Failing widgets after upgrade to 24.7
« on: July 29, 2024, 03:24:55 pm »
Latest update 24.7_9 seems to have resolved all my known GUI and timeout issues.
Thanks guys.
Thanks guys.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1] 2
2
24.7 Production Series / Re: Failing widgets after upgrade to 24.7
« on: July 28, 2024, 12:01:16 pm »
Wish I could do even that. Thought I could start with zero widgets, but saving the dashboard settings doesn't even work. Also the traffic graph widget cannot be closed. Furthermore the selection menu runs underneath the "Add Widget" page.
3
24.7 Production Series / Failing widgets after upgrade to 24.7
« on: July 25, 2024, 05:50:53 pm »
I was looking forward to a new dashboard, after upgrading to 24.7 but it's still a bit disapointing.
As the attached picture shows, some of the widgets do not work (yet).
"System Information" sometimes shows after a page refresh, but after a short while it shows "failed" again.
Are these known issues for all of the failing widgets?
Hope we get a hotfix soon.
As the attached picture shows, some of the widgets do not work (yet).
"System Information" sometimes shows after a page refresh, but after a short while it shows "failed" again.
Are these known issues for all of the failing widgets?
Hope we get a hotfix soon.
4
General Discussion / Block internet access from VLAN. But whats the right way to do it?
« on: May 10, 2024, 08:01:25 pm »
I'm using several VLAN's that all have access to the internet, it's own VLAN and DNS on LAN, but nothing else on the network. See GUEST VLAN.jpg.
I think this looks fine.
My problem is with the camera network that I also don't want to give internet access.
Despite trying all kind of rules, I did not get a good result at first.
Except when adding the blocking rule on top of the others that is shown on the CAM VLAN.jpg.
What can I say, it works but i have the feeling its a bit of a novice solution.
The DNS access can also be obsoleted I gather.
Can you help me, or show me your solutions for this problem?
Thanks.
I think this looks fine.
My problem is with the camera network that I also don't want to give internet access.
Despite trying all kind of rules, I did not get a good result at first.
Except when adding the blocking rule on top of the others that is shown on the CAM VLAN.jpg.
What can I say, it works but i have the feeling its a bit of a novice solution.
The DNS access can also be obsoleted I gather.
Can you help me, or show me your solutions for this problem?
Thanks.
5
23.1 Legacy Series / Re: Upload Certificate to Truenas possible?
« on: May 13, 2023, 08:01:21 pm »
Thanks for your reply.
It wasn't exactly what I was searching for.
For this challenge there are few services working together, like OpnSense, Let's Encrypt and Truenas.
But I took it into another "easier" direction.
My doubt was if it would be possible to also use ACME on Truenas and on OpnSense at the same time creating the same wildcard certificate. It seems this is supported.
So now I'm simply creating the certificate as usual on OpnSense and configured the same on Truenas.
Problem solved.
It wasn't exactly what I was searching for.
For this challenge there are few services working together, like OpnSense, Let's Encrypt and Truenas.
But I took it into another "easier" direction.
My doubt was if it would be possible to also use ACME on Truenas and on OpnSense at the same time creating the same wildcard certificate. It seems this is supported.
So now I'm simply creating the certificate as usual on OpnSense and configured the same on Truenas.
Problem solved.
6
23.1 Legacy Series / Upload Certificate to Truenas possible?
« on: May 09, 2023, 10:47:54 pm »
Does anyone know if it's possible to upload a certificate from ACME with automation to TrueNas scale.
Maybe it is in development, but I can't find anything about it.
It's a wildcard certificate from let's encrypt that I'm using for Synology and also want to use for my TrueNas scale.
Or is the other way around possible, to use ngingx or traefic on Truenas and get it from OpnSense/ACME.
Or is it all to complex and simply use a different certificate on my Truenas scale.
I'm quite a bit relaying on the GUI userinterface and am not to familiar with linux commands at all.
Does anyone have experience with this?
Maybe it is in development, but I can't find anything about it.
It's a wildcard certificate from let's encrypt that I'm using for Synology and also want to use for my TrueNas scale.
Or is the other way around possible, to use ngingx or traefic on Truenas and get it from OpnSense/ACME.
Or is it all to complex and simply use a different certificate on my Truenas scale.
I'm quite a bit relaying on the GUI userinterface and am not to familiar with linux commands at all.
Does anyone have experience with this?
7
23.1 Legacy Series / Re: The new unbound reporting is pretty cool
« on: February 04, 2023, 01:11:51 pm »
The only hing that's disappointing to me is when using the color scheme "os-theme-rebellion". The details page is barely readable.
8
General Discussion / OpnSense blocks login.microsoftonline.com
« on: December 11, 2022, 10:06:02 pm »
I think this a a shot in the dark, but I think that my OPNSense is blocking login.microsoftonline.com
It's OPNSense or the way it is configured, because when I make a Wifi connection through a hotspot on my Phone, the signin validates immediately.
Also from another PC, I cannot Signin from Visual Studio, connected to my private network.
Through Fiddler I see that Visual Studio Signin goes to login.microsoftonline.com but doesn't return an answer.
I've disabled ClamAV (i think non related), Intrusion Detection, Unbound DNS (BlockList), without success.
But I still have no clou how I can see that the Visual Studio Signin passes or is blocked.
Is there a way to passthrough this url to see if it's caused by OPNSense. Or is there a good monitoring tool that can help me.
It's OPNSense or the way it is configured, because when I make a Wifi connection through a hotspot on my Phone, the signin validates immediately.
Also from another PC, I cannot Signin from Visual Studio, connected to my private network.
Through Fiddler I see that Visual Studio Signin goes to login.microsoftonline.com but doesn't return an answer.
I've disabled ClamAV (i think non related), Intrusion Detection, Unbound DNS (BlockList), without success.
But I still have no clou how I can see that the Visual Studio Signin passes or is blocked.
Is there a way to passthrough this url to see if it's caused by OPNSense. Or is there a good monitoring tool that can help me.
9
General Discussion / Re: OPNsense not accessible after restore
« on: August 28, 2022, 09:29:28 pm »
Sorry about this I had to access it with domain:8443 instead of 1443.
what I did notice is that following plugins reported as missing?
os-acme-client (missing) 3.13 700KiB OPNsense ACME Client
os-clamav (missing) 1.7_1 47.5KiB OPNsense Antivirus engine for detecting malicious threats
os-intrusion-detection-content-et-open (missing) 1.0.1 1.53KiB OPNsense IDS Proofpoint ET open ruleset complementary subset for ET Pro Telemetry edition
os-iperf (missing) 1.0_1 24.6KiB OPNsense Connection speed tester
os-nginx (missing) 1.29 911KiB OPNsense Nginx HTTP server and reverse proxy
os-theme-rebellion (missing) 1.8.8 5.20MiB OPNsense A suitably dark theme
what I did notice is that following plugins reported as missing?
os-acme-client (missing) 3.13 700KiB OPNsense ACME Client
os-clamav (missing) 1.7_1 47.5KiB OPNsense Antivirus engine for detecting malicious threats
os-intrusion-detection-content-et-open (missing) 1.0.1 1.53KiB OPNsense IDS Proofpoint ET open ruleset complementary subset for ET Pro Telemetry edition
os-iperf (missing) 1.0_1 24.6KiB OPNsense Connection speed tester
os-nginx (missing) 1.29 911KiB OPNsense Nginx HTTP server and reverse proxy
os-theme-rebellion (missing) 1.8.8 5.20MiB OPNsense A suitably dark theme
10
General Discussion / OPNsense not accessible after restore
« on: August 28, 2022, 08:28:22 pm »
After a sudden crash of OPNSense 22.7.2 it did no longer boot.
because I don't know much about linux and freesbd the only solution I could think of was to reinstall and restore the settings.
After the initial install I could reach 192.168.1.1 directly from my laptop, and was able to restore the latest backup from the explorer. After that internet again worked, restoring my iprange to 192.168.178.x. Also dns and dhcp (as it should) worked again after the restore.
problem now i that I cant access opnsense any more throught http://192.168.178.1/index.php or https://192.168.178.1:1443/index.php.
is there any way to configure some rule or setting, by console, to access my opnsense again from my laptop.
because I don't know much about linux and freesbd the only solution I could think of was to reinstall and restore the settings.
After the initial install I could reach 192.168.1.1 directly from my laptop, and was able to restore the latest backup from the explorer. After that internet again worked, restoring my iprange to 192.168.178.x. Also dns and dhcp (as it should) worked again after the restore.
problem now i that I cant access opnsense any more throught http://192.168.178.1/index.php or https://192.168.178.1:1443/index.php.
is there any way to configure some rule or setting, by console, to access my opnsense again from my laptop.
11
General Discussion / Re: Modified Unbound DNS configuration never restarts
« on: July 08, 2022, 06:41:45 pm »
thanks franco and cookiemonster,
nothing found yet.
I ran both commands before changing anything and after. no errors found.
I feel a bit foolish, because now the issue doesn't happen (version OPNsense 22.1.10-amd64 from last night), whatever i try.
Still i'm not convinced that it won't happen after Opnsense has run for a while.
I will keep you updated.
nothing found yet.
I ran both commands before changing anything and after. no errors found.
I feel a bit foolish, because now the issue doesn't happen (version OPNsense 22.1.10-amd64 from last night), whatever i try.
Still i'm not convinced that it won't happen after Opnsense has run for a while.
I will keep you updated.
12
Dutch - Nederlands / Re: Ziggo modem in bridge mode en MTU en prefix length van OPNSense
« on: July 07, 2022, 07:13:53 pm »
Dag Eric,
Opnsense werkt qua verbinding met Ziggo nu zeer stabiel.
mijn instellingen zijn:
Basic configuration:
Enable: Yes
Generic configuration:
Block private networks: Yes
Block bogon networks: Yes
IPv4 Configuration Type: DHCP
IPv6 Configuration Type: DHCPV6
Speed and duplex: Default
DHCP client configuration:
Configuration Mode: Basic
Override MTU: Yes
DHCPv6 client configuration:
Configuration Mode: Basic
Request only an IPv6 prefix: Yes
Prefix delegation size: 56
Send IPv6 prefix hint: Yes
Use VLAN priority: Disabled
Opnsense werkt qua verbinding met Ziggo nu zeer stabiel.
mijn instellingen zijn:
Basic configuration:
Enable: Yes
Generic configuration:
Block private networks: Yes
Block bogon networks: Yes
IPv4 Configuration Type: DHCP
IPv6 Configuration Type: DHCPV6
Speed and duplex: Default
DHCP client configuration:
Configuration Mode: Basic
Override MTU: Yes
DHCPv6 client configuration:
Configuration Mode: Basic
Request only an IPv6 prefix: Yes
Prefix delegation size: 56
Send IPv6 prefix hint: Yes
Use VLAN priority: Disabled
13
General Discussion / Modified Unbound DNS configuration never restarts
« on: July 07, 2022, 06:35:22 pm »
Every time I modify some Unbound DNS setting, but mostly Overrides, the service does not restart.
It does stop running after the settings are saved.
Also trying to do a manual start does not work. It halts for a few seconds showing it wants to start, but nothing happens.
Only after a reboot the service is again up and running.
Does anyone has an explanation for this behavior, and can it be resolved, or where can I find any logging why the service does not restart?
Thanks.
It does stop running after the settings are saved.
Also trying to do a manual start does not work. It halts for a few seconds showing it wants to start, but nothing happens.
Only after a reboot the service is again up and running.
Does anyone has an explanation for this behavior, and can it be resolved, or where can I find any logging why the service does not restart?
Thanks.
14
General Discussion / Startup of OPNSense or FreeBSD takes about 7 minutes
« on: June 25, 2022, 07:26:28 pm »
I did a few re-installs when I started using OPNsense and one after since and every time after the second or third reboot, the startup took more time than the 1 or 2 minutes I was expecting. During the startup I can see the timeouts as shown below. These look like the cause of the slow startups. It might not be something in OPNsense itself but more a hardware setup problem.
OPNsense is running on this hardware https://www.amazon.nl/dp/B09PHGWPMB
Does anyone have a suggesting what hardware setup could be the cause of this problem, or maybe some driver problem?
lo0: link state changed to UP
igc0: link state changed to DOWN
igc1: link state changed to DOWN
igc0: link state changed to UP
igc1: link state changed to UP
ahcich1: Timeout on slot 9 port 0
ahcich1: is 00000000 cs 00000000 ss 00000200 rs 00000200 tfd 50 serr 00000000 cmd 0000d517
(ada0:ahcich1:0:0:0): SEND_FPDMA_QUEUED DATA SET MANAGEMENT. ACB: 64 01 00 00 00 40 00 00 00 00 00 00
(ada0:ahcich1:0:0:0): CAM status: Command timeout
(ada0:ahcich1:0:0:0): Retrying command, 3 more tries remain
ahcich1: Timeout on slot 26 port 0
ahcich1: is 00000000 cs 00000000 ss 04000000 rs 04000000 tfd 40 serr 00000000 cmd 0000da17
(ada0:ahcich1:0:0:0): SEND_FPDMA_QUEUED DATA SET MANAGEMENT. ACB: 64 01 00 00 00 40 00 00 00 00 00 00
(ada0:ahcich1:0:0:0): CAM status: Command timeout
(ada0:ahcich1:0:0:0): Retrying command, 2 more tries remain
ahcich1: Timeout on slot 31 port 0
ahcich1: is 00000000 cs 00000000 ss 80000000 rs 80000000 tfd 40 serr 00000000 cmd 0000df17
(ada0:ahcich1:0:0:0): SEND_FPDMA_QUEUED DATA SET MANAGEMENT. ACB: 64 01 00 00 00 40 00 00 00 00 00 00
(ada0:ahcich1:0:0:0): CAM status: Command timeout
(ada0:ahcich1:0:0:0): Retrying command, 1 more tries remain
ahcich1: Timeout on slot 4 port 0
ahcich1: is 00000000 cs 00000000 ss 00000010 rs 00000010 tfd 40 serr 00000000 cmd 0000c417
(ada0:ahcich1:0:0:0): SEND_FPDMA_QUEUED DATA SET MANAGEMENT. ACB: 64 01 00 00 00 40 00 00 00 00 00 00
(ada0:ahcich1:0:0:0): CAM status: Command timeout
(ada0:ahcich1:0:0:0): Retrying command, 0 more tries remain
ahcich1: Timeout on slot 9 port 0
ahcich1: is 00000000 cs 00000000 ss 00000200 rs 00000200 tfd 40 serr 00000000 cmd 0000c917
(ada0:ahcich1:0:0:0): SEND_FPDMA_QUEUED DATA SET MANAGEMENT. ACB: 64 01 00 00 00 40 00 00 00 00 00 00
(ada0:ahcich1:0:0:0): CAM status: Command timeout
(ada0:ahcich1:0:0:0): Error 5, Retries exhausted
pflog0: permanently promiscuous mode enabled
WARNING: attempt to domain_add(netgraph) after domainfinalize()
OPNsense is running on this hardware https://www.amazon.nl/dp/B09PHGWPMB
Does anyone have a suggesting what hardware setup could be the cause of this problem, or maybe some driver problem?
lo0: link state changed to UP
igc0: link state changed to DOWN
igc1: link state changed to DOWN
igc0: link state changed to UP
igc1: link state changed to UP
ahcich1: Timeout on slot 9 port 0
ahcich1: is 00000000 cs 00000000 ss 00000200 rs 00000200 tfd 50 serr 00000000 cmd 0000d517
(ada0:ahcich1:0:0:0): SEND_FPDMA_QUEUED DATA SET MANAGEMENT. ACB: 64 01 00 00 00 40 00 00 00 00 00 00
(ada0:ahcich1:0:0:0): CAM status: Command timeout
(ada0:ahcich1:0:0:0): Retrying command, 3 more tries remain
ahcich1: Timeout on slot 26 port 0
ahcich1: is 00000000 cs 00000000 ss 04000000 rs 04000000 tfd 40 serr 00000000 cmd 0000da17
(ada0:ahcich1:0:0:0): SEND_FPDMA_QUEUED DATA SET MANAGEMENT. ACB: 64 01 00 00 00 40 00 00 00 00 00 00
(ada0:ahcich1:0:0:0): CAM status: Command timeout
(ada0:ahcich1:0:0:0): Retrying command, 2 more tries remain
ahcich1: Timeout on slot 31 port 0
ahcich1: is 00000000 cs 00000000 ss 80000000 rs 80000000 tfd 40 serr 00000000 cmd 0000df17
(ada0:ahcich1:0:0:0): SEND_FPDMA_QUEUED DATA SET MANAGEMENT. ACB: 64 01 00 00 00 40 00 00 00 00 00 00
(ada0:ahcich1:0:0:0): CAM status: Command timeout
(ada0:ahcich1:0:0:0): Retrying command, 1 more tries remain
ahcich1: Timeout on slot 4 port 0
ahcich1: is 00000000 cs 00000000 ss 00000010 rs 00000010 tfd 40 serr 00000000 cmd 0000c417
(ada0:ahcich1:0:0:0): SEND_FPDMA_QUEUED DATA SET MANAGEMENT. ACB: 64 01 00 00 00 40 00 00 00 00 00 00
(ada0:ahcich1:0:0:0): CAM status: Command timeout
(ada0:ahcich1:0:0:0): Retrying command, 0 more tries remain
ahcich1: Timeout on slot 9 port 0
ahcich1: is 00000000 cs 00000000 ss 00000200 rs 00000200 tfd 40 serr 00000000 cmd 0000c917
(ada0:ahcich1:0:0:0): SEND_FPDMA_QUEUED DATA SET MANAGEMENT. ACB: 64 01 00 00 00 40 00 00 00 00 00 00
(ada0:ahcich1:0:0:0): CAM status: Command timeout
(ada0:ahcich1:0:0:0): Error 5, Retries exhausted
pflog0: permanently promiscuous mode enabled
WARNING: attempt to domain_add(netgraph) after domainfinalize()
15
22.1 Legacy Series / Re: NGINX does'n start after update to 22.1.9
« on: June 24, 2022, 10:22:31 am »
From which page can I revert separately Nginx or it it done through the console?
Pages: [1] 2